概述
SecurityFilterAutoConfiguration的作用是自动配置一个DelegatingFilterProxyRegistrationBean,这个bean通过name找到SecurityAutoConfiguration中往spring容器中添加名称为springSecurityFilterChain的过滤器并进行代理,最终将这个springSecurityFilterChain添加到ServletContext。
SecurityFilterAutoConfiguration
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
| @Configuration
@ConditionalOnWebApplication(type = Type.SERVLET)
@EnableConfigurationProperties(SecurityProperties.class)
@ConditionalOnClass({ AbstractSecurityWebApplicationInitializer.class, SessionCreationPolicy.class })
@AutoConfigureAfter(SecurityAutoConfiguration.class)
public class SecurityFilterAutoConfiguration {
private static final String DEFAULT_FILTER_NAME = AbstractSecurityWebApplicationInitializer.DEFAULT_FILTER_NAME;
@Bean
@ConditionalOnBean(name = DEFAULT_FILTER_NAME)
public DelegatingFilterProxyRegistrationBean securityFilterChainRegistration(
SecurityProperties securityProperties) {
DelegatingFilterProxyRegistrationBean registration = new DelegatingFilterProxyRegistrationBean(
DEFAULT_FILTER_NAME);
registration.setOrder(securityProperties.getFilter().getOrder());
registration.setDispatcherTypes(getDispatcherTypes(securityProperties));
return registration;
}
private EnumSet<DispatcherType> getDispatcherTypes(SecurityProperties securityProperties) {
if (securityProperties.getFilter().getDispatcherTypes() == null) {
return null;
}
return securityProperties.getFilter().getDispatcherTypes().stream()
.map((type) -> DispatcherType.valueOf(type.name()))
.collect(Collectors.collectingAndThen(Collectors.toSet(), EnumSet::copyOf));
}
}
|
- 在SecurityAutoConfiguration配置完成之后再进行配置,SecurityAutoConfiguration中进行了很多基本配置,其中名称为springSecurityFilterChain的bean就是在其中配置的
- 将DelegatingFilterProxyRegistrationBean注册到spring容器中,它代理的过滤器就是springSecurityFilterChain,最终在应用启动时,会将它代理的过滤器注册到ServletContext中
总结
SecurityFilterAutoConfiguration将DelegatingFilterProxyRegistrationBean注册到spring容器中,委托它找到spring容器中name为springSecurityFilterChain的过滤器,在应用启动时将该过滤器添加到ServletContext中。